Presented at
Summercon 2018,
June 29, 2018, noon
(50 minutes).
Do you want a koober netty? Or do you already have one? You may even already have many koober netties (pronounced: "kubernetes"). Either way, it turns out that they can be used for more things than just running your Linux containers in the cloud. They can also be used to give attackers access to thousands more computers than just the one running the container that the attacker got a shell in. How cool is that? In this talk, we'll discuss all of the magical ways that Kubernetes can give attackers access to your entire cluster and cloud environments. We'll also discuss some ways that it can be made to not do this if making attackers sad is your thing.
Presenters:
-
Dino Dai Zovi
Dino Dai Zovi is the Co-Founder and CTO at Capsule8. Dino is also a regular speaker at information security conferences having presented his independent research at conferences around the world including DEF CON, Black Hat, and CanSecWest. He is a co-author of the books "The iOS Hacker's Handbook" (Wiley, 2012), "The Mac Hacker's Handbook" (Wiley, 2009) and "The Art of Software Security Testing" (Addison-Wesley, 2006). He is best known in the information security community for winning the first PWN2OWN contest at CanSecWest 2007.
@dinodaizovi
Links:
Similar Presentations: